Security SIG: Introduction to Tripwire Chris Harwood John Ives.

What is Tripwire?
 Monitors 'important' files and registry values and their properties (access times, flags, owner, etc.)
 Enables admins to detect files that are added, modified or deleted
 Provides a history of what changes during patching
 Two components (for today's discussion):
  - Tripwire for Servers (command line)
  - Tripwire Manager (GUI front end)

What can run Tripwire?
 Compaq Tru64 UNIX 4.0F, 4.0G, 5.0A, 5.1, 5.1A & 5.1B
 FreeBSD 4.5, 4.6, 4.7, 4.10 & 5.3
 HP-UX 10.20, 11.0, 11i v1 & 11i v2
 IBM AIX 4.3.3, 5.1, 5.2 & 5.3
 Linux (kernel 2.2 and glibc 2.x or higher)
 Red Hat Enterprise Linux 3 & 4 AS, WS & ES
 Solaris (SPARC) 2.6, 7, 8, 9 & 10
 Windows NT 4.0, 2000, 2003 & XP Pro

How do you get Tripwire?
 Licensed for use by all UC campuses
 Locally it is distributed via
 Fill out the form and fax in the appropriate paperwork
 Download instructions are sent via

Tripwire for Servers
 Command-line utility
 Keeps a cryptographically protected (signed with the local key) database of file/registry attributes, including four hash algorithms: HAVAL, MD5, SHA (SHA-1) and CRC-32. CRC-32 is a checksum rather than a cryptographic hash and MD5 collisions are practical, so SHA is the property that actually binds a file's content; the others mainly catch accidental change.
 Can detect changes to 29 object properties and 21 registry key/value properties on Windows, and 21 object properties on UNIX
 Can notify of changes via mail (see the mail method under the Linux install), syslog or SNMP
 Can output results in XML or HTML

Object Properties - Windows
 Attribute flags: Archive, Read-only, Hidden, Offline, Temporary, System, Directory
 Timestamps: Last access time, Last write time, Create time
 File size
 Turns on event tracking for that object
 MS-DOS 8.3 name
 NTFS compressed flag
 NTFS security: Owner SID, Group SID, DACL, SACL, Security descriptor control, Size of security descriptor
 Hashes of the main data stream: CRC-32, MD5, SHA, HAVAL
 Number of NTFS streams
 Hashes of all alternate data streams: CRC-32, MD5, SHA, HAVAL

Registry Properties - Windows
 Registry key objects:
  - Last write time
  - Owner SID
  - Group SID
  - DACL
  - SACL
  - Security descriptor control
  - Size of security descriptor for the key
  - Name of class
  - Number of subkeys
  - Maximum length of subkey name
  - Maximum length of class name
  - Number of values
  - Maximum length of value name
  - Maximum length of data for any value in the key
  - Turns on event tracking for that object
 Registry value objects:
  - Type of value data
  - Length of value data
  - CRC-32 hash of value data
  - MD5 hash of value data
  - SHA hash of value data
  - HAVAL hash of value data

Object Properties - UNIX
 File permissions
 Inode number
 Number of links (inode reference count)
 User ID of owner
 Group ID of owner
 File size
 Device number of the disk where the inode for the file is stored
 For device objects only: number of the device to which the inode points
 Number of blocks allocated
 Modification timestamp (mtime)
 Inode creation/modification timestamp (ctime)
 Growing file size (violated if the file is not larger than its last recorded size; intended for logs that should only grow)
 Access timestamp (atime; note that any read updates it, so it is normally masked out for files that are read routinely)
 Object event tracking
 Flags
 CRC-32
 MD5
 SHA
 HAVAL
 ACL settings
 Inode generation number

Pass Phrases
 Local passphrase: protects the database and (optionally) the report files
 Site passphrase: protects the policy and configuration files
 Manager passphrase: protects the stored local and site passphrases of each managed server, using triple-DES encryption with a 168-bit key (nominal; the effective strength of 3-key triple-DES is about 112 bits because of the meet-in-the-middle attack)

Demonstration Installing Tripwire For Servers on Windows

Demonstration Tripwire For Servers Command Line Options and Default Policy

Installation on Linux
 glibc must be installed: up2date -u glibc (or glibc-devel)
 Install the agent
 Generate the site key and local key
 Mail method: SMTP for a relay, sendmail for localhost
 SNMP set to no
 IP address and port 1169; firewall rules must allow the manager to reach the server on TCP 1169 ( to 1169)
 Startup scripts
 Start the agent
 Register in Tripwire Manager

Demonstration Installing Tripwire for Servers on Linux

Tripwire Manager
 GUI for managing policy, schedule, etc. on Tripwire for Servers
 Written in Java (supported on Solaris 7-9, Windows NT, Red Hat Linux 7-9 and Red Hat Enterprise Linux 3 & 4 AS, WS & ES)
 Can manage multiple Tripwire for Servers installations
 Uses SSL to communicate with Tripwire for Servers, with bi-directional (mutual) authentication: the manager and each agent present certificates to one another, so a rogue host cannot pose as the manager to push policy

Demonstration Installing Tripwire Manager on Windows

Registering a server
 Add Machine:
  - Hostname
  - Group
  - Address
  - Port

Demonstration Registering Server with Manager

Demonstration Using Tripwire Manager to edit Policy, Settings and Schedule

Initial Config
 Edit the config file:
  - Event tracking
  - Mail: no violation reports
  - Global
 Initialize the database (about 8 min in the demo)
 Perform an integrity check (about 10 min in the demo)
 Update the policy file (don't overwrite)

Post Integrity Check
 View the report objects:
  - UNIX
  - Windows
 Update the database: update, but don't blindly approve every violation; accept only the changes you have reviewed
 Re-run the integrity check
 Continue until status is green

Automation & Reporting
 Configure schedules:
  - Nightly: full integrity check
  - Periodically: system configuration files, other critical application files or directories
 Text or HTML reports: Level 3 concise text format; HTML reports can cause SMTP issues
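The UNIX object properties slide and the initialize / check / update workflow above describe what Tripwire does without showing the mechanics. The following is an added example, written for this page and not Tripwire's own code or on-disk format: a miniature integrity checker that snapshots the properties the slides list (permissions, inode, link count, uid, gid, size, mtime, ctime, content hash), protects the baseline with an HMAC keyed from a passphrase as a stand-in for the local passphrase that protects the real database, reports added / changed / removed objects, and folds only reviewed objects back into the baseline. It uses SHA-256 instead of the slides' CRC-32/MD5/SHA-1/HAVAL, a fixed PBKDF2 salt as a demo simplification, and a constructed temporary directory as its input.

```python
"""Miniature Tripwire-style integrity checker (added example, not Tripwire's code)."""
import hashlib
import hmac
import json
import shutil
import stat
import tempfile
from pathlib import Path

# Properties recorded per object.  SHA-256 stands in for the slide's CRC-32/MD5/SHA-1/HAVAL.
PROPS = ("mode", "inode", "nlink", "uid", "gid", "size", "mtime", "ctime", "sha256")


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Return {relative_path: {prop: value}} for every regular file under root."""
    root = Path(root)
    db = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        st = p.lstat()
        db[p.relative_to(root).as_posix()] = {
            "mode": stat.S_IMODE(st.st_mode), "inode": st.st_ino, "nlink": st.st_nlink,
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size,
            "mtime": int(st.st_mtime), "ctime": int(st.st_ctime), "sha256": _sha256(p),
        }
    return db


def _mac_key(passphrase):
    # Stand-in for the local passphrase: PBKDF2-derived HMAC key (fixed salt is a demo simplification).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"tw-demo-salt", 100_000)


def sign_db(db, passphrase):
    """Serialize the baseline and bind it to the passphrase with HMAC-SHA-256."""
    body = json.dumps(db, sort_keys=True)
    return {"db": body, "mac": hmac.new(_mac_key(passphrase), body.encode(), "sha256").hexdigest()}


def load_db(signed, passphrase):
    """Verify the MAC before trusting the baseline; a tampered database or wrong passphrase fails."""
    expected = hmac.new(_mac_key(passphrase), signed["db"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, signed["mac"]):
        raise ValueError("baseline MAC mismatch: database tampered or wrong passphrase")
    return json.loads(signed["db"])


def check(baseline, current, ignore=()):
    """Integrity check: which objects were added, removed, or changed in which properties."""
    report = {"added": sorted(current.keys() - baseline.keys()),
              "removed": sorted(baseline.keys() - current.keys()),
              "changed": {}}
    for name in sorted(baseline.keys() & current.keys()):
        diff = [p for p in PROPS if p not in ignore and baseline[name][p] != current[name][p]]
        if diff:
            report["changed"][name] = diff
    return report


def update_baseline(baseline, current, approved):
    """Fold only reviewed objects into the baseline; unreviewed violations keep being reported."""
    new = dict(baseline)
    for name in approved:
        if name in current:
            new[name] = current[name]
        else:
            new.pop(name, None)
    return new


def demo():
    """Build a constructed tree, baseline it, simulate an intrusion, and run the check."""
    root = Path(tempfile.mkdtemp())
    try:
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")  # constructed sample
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")        # constructed sample
        signed = sign_db(snapshot(root), "local-passphrase")

        # Simulated intrusion: backdoor account appended, preload library dropped, hosts removed.
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\nevil:x:0:0::/:/bin/sh\n")
        (root / "etc" / "ld.so.preload").write_text("/tmp/x.so\n")
        (root / "etc" / "hosts").unlink()
        report = check(load_db(signed, "local-passphrase"), snapshot(root))

        # An attacker who edits the stored baseline to hide the deletion is caught by the MAC.
        forged_db = json.loads(signed["db"])
        forged_db.pop("etc/hosts")
        forged = {"db": json.dumps(forged_db, sort_keys=True), "mac": signed["mac"]}
        try:
            load_db(forged, "local-passphrase")
            caught = False
        except ValueError:
            caught = True
        return report, caught
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```

The `ignore` argument to `check()` plays the role of a policy property mask: passing `("ctime", "mtime")` for a directory whose timestamps churn, or masking the access time entirely, is how the "re-run until green" loop converges without hiding real changes. Real Tripwire signs its database with a key rather than an HMAC, but the operational point is the same: the baseline is only as trustworthy as the secret that protects it, so the local passphrase must not live on the monitored host in the clear.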

Questions and Answers